[Openswan Users] Problem trying to establish a tunnel to a client
Cassiano Leal
cassianol at dbserver.com.br
Fri Dec 22 08:25:20 EST 2006
Hi
I'm trying to establish an Openswan tunnel with a client's ISA Server.
Openswan is installed on my firewall box, which has three network
interfaces: eth0 for LAN, eth1 for DMZ and eth2 for my Internet link.
The problem is that the logs are showing Openswan trying to connect via
eth1 instead of eth2. How do I change this behaviour?
From my /etc/ipsec.conf:
conn partner01
    type=tunnel
    left=<my firewall IP>
    leftsubnet=10.0.101.0/24
    leftnexthop=<my external gateway>
    right=<their ISA Server IP>
    rightsubnet=10.51.0.0/24
    rightnexthop=%defaultroute
    auto=start
    authby=secret
    compress=yes
When I restart /etc/init.d/ipsec, I get the following in /var/log/syslog:
Dec 22 10:28:49 shorewall ipsec__plutorun: 003 ERROR: "partner01" #1: sendto on eth1 to <ISA Server IP>:500 failed in main_outI1. Errno 1: Operation not permitted
Dec 22 10:28:49 shorewall ipsec__plutorun: 104 "partner01" #1: STATE_MAIN_I1: initiate
Dec 22 10:28:49 shorewall ipsec__plutorun: ...could not start conn "partner01"
Dec 22 10:30:53 shorewall ipsec__plutorun: 003 ERROR: "partner01" #1: sendto on eth1 to <ISA Server IP>:500 failed in main_outI1. Errno 1: Operation not permitted
Dec 22 10:30:53 shorewall ipsec__plutorun: 104 "partner01" #1: STATE_MAIN_I1: initiate
Dec 22 10:30:53 shorewall ipsec__plutorun: ...could not start conn "partner01"
Any help would be appreciated.
Thanks a lot.
Cassiano Leal